1. Field of the Invention
The present invention relates to an authentication system and method which, when electronic transactions are conducted between organizations, verifies that a document has been transferred through an authorized creator and approvers and appends the representative' s digital signature to the document that has been circulated via the correct route.
2. Description of the Related Art
In recent years, companies have been confronted by a problem of illegal transactions by their employees. The recent illegal transactions show a tendency for a sharp increase in the sum of money involved and to become longer in term. The prevention of illegal transactions is one of the important problems which confronts companies. With the recent spread of the Internet, there is a trend toward conducting electronic transactions between companies. In such electronic transactions, the prevention of illegal transactions is necessary.
With the electronic transactions, the development of authentication technologies utilizing recent cryptographic techniques enables electronic authentication of individuals on a computer network. For example, for a user A to send a document to a user B, the user A appends his or her digital signature to that document. The user B who receives the document can then confirm that the received document was one created by the user A by verifying the digital signature of the user A.
However, the network-based electronic transactions have the following problems.
By utilizing an authentication technology for intra-company documents, persons in charge of handling a document, such as a creator and an approver of that document, can be identified. The authentication technology is merely adapted to identify each individual. That is, although the person who created the document can be identified, it is impossible to determine whether that person really has authority to create the document. Likewise, although the person who approved the document can be identified, it is impossible to determine whether that person is really authorized to approve the document.
With documents that are communicated within a company, mere identification of persons who handled a document is not sufficient; it is important whether or not the persons who handled the document are authorized to handle it.
In electronic transactions between companies, assume that a company A sends a document to a company B. Then, the company A will append the representative's digital signature to that document in order to indicate that it was definitely created by the company A. The company B can verify the digital signature appended to the received document to confirm that the document was definitely created by the company A.
If the company A gives means of appending the representative's digital signature to a person in charge of creating or inspecting documents, there will arise the possibility that this person may append the representative's digital signature even to documents which are not related to his or her duties, to thereby perform illegal transactions. In order to conduct secure electronic transactions between companies, therefore, it is required for a document-sending company to install such a system as allows the representative's digital signature to be attached to a document immediately prior to transmission of it.